ruby/rubygems.con
Jarek Prokop 9cc2902e69 Upgrade to Ruby 3.3.5.
Fix DoS vulnerability in rexml.
(CVE-2024-39908)
(CVE-2024-41946)
(CVE-2024-43398)

Fix REXML DoS when parsing an XML having many specific characters such as
whitespace character, >] and ]>.
(CVE-2024-41123)

Upgrade by merging Fedora changes up to commit:
b7e197fb88

Exclude:
- Generate RPM dependencies with RPM 4.20 API
  6bed1e3bd5
We don't have new enough RPM.

Resolves: RHEL-59035
Resolves: RHEL-57047
Resolves: RHEL-57059
Resolves: RHEL-57070
Resolves: RHEL-52802
2024-09-17 17:42:49 +02:00

53 lines
1.5 KiB
Ruby

#!/usr/bin/ruby

require 'rubygems/package'

module RubyGemsReq
  module Helpers
    # Keep only '!=' requirements.
    def self.conflicts(requirements)
      conflicts = requirements.select {|r| r.first == '!='}
    end

    # Converts Gem::Requirement into array of requirements strings compatible
    # with RPM .spec file.
    def self.requirement_versions_to_rpm(requirement)
      self.conflicts(requirement.requirements).map do |op, version|
        version == Gem::Version.new(0) ? "" : "= #{version}"
      end
    end
  end

  # Report conflicting gem dependencies including their version.
  def self.gem_dependencies(specification)
    specification.runtime_dependencies.each do |dependency|
      conflict_strings = Helpers::requirement_versions_to_rpm(dependency.requirement).map do |requirement|
        requirement_string = "rubygem(#{dependency.name}) #{requirement}"
      end
      if conflict_strings.length > 0
        conflict_string = conflict_strings.join(' with ')
        conflict_string.prepend('(').concat(')') if conflict_strings.length > 1
        puts conflict_string
      end
    end
  end

  # Reports all conflicts specified by all provided .gemspec files.
  def self.conflicts
    while filename = gets
      filename.strip!
      begin
        specification = Gem::Specification.load filename
        gem_dependencies(specification)
      rescue => e
        # Ignore all errors.
      end
    end
  end
end

if __FILE__ == $0
  RubyGemsReq::conflicts
end